Description: Lack of check allows admin to call setAdmin() with their own address, leading to potential gas griefing or governance stagnation.
The setAdmin() function lacks a condition to prevent the current admin from reassigning themselves. This introduces a pointless state change that could be exploited for griefing or accidental misuse.
Vulnerability Details:
function setAdmin(address _newAdmin) external {
    require(msg.sender == adminAddress, "Only admin can set new admin");
    require(_newAdmin != address(0), "Admin cannot be zero address");
    adminAddress = _newAdmin;
}
There’s no require(_newAdmin != adminAddress) check.
This allows the current admin to reassign themselves repeatedly.
Could be abused to fill blocks with unnecessary gas consumption.
Medium severity (DoS/gas griefing vector, no loss of funds but direct disruption of protocol integrity).
Prevents transparent admin rotation.
Manual review.
Recommendations:
Add an explicit check to ensure the new admin is different from the current one:
require(_newAdmin != adminAddress, "Admin is already assigned");
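A regression test for the recommended check, added here as an example and not taken from the audited code base. It assumes a Foundry project with forge-std installed; the contract name AdminControlled, its constructor, the test names and the 0xBEEF address are hypothetical, and only setAdmin() and adminAddress come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical minimal contract: only setAdmin() and adminAddress come from the
// finding; the contract name and constructor are assumptions for this example.
contract AdminControlled {
    address public adminAddress;

    constructor() {
        adminAddress = msg.sender;
    }

    function setAdmin(address _newAdmin) external {
        require(msg.sender == adminAddress, "Only admin can set new admin");
        require(_newAdmin != address(0), "Admin cannot be zero address");
        // Recommended check: reject a no-op reassignment to the current admin.
        require(_newAdmin != adminAddress, "Admin is already assigned");
        adminAddress = _newAdmin;
    }
}

contract SetAdminTest is Test {
    AdminControlled internal target;
    address internal newAdmin = address(0xBEEF); // constructed test address

    function setUp() public {
        target = new AdminControlled(); // this test contract becomes admin
    }

    function test_RevertWhen_AdminReassignsSelf() public {
        vm.expectRevert(bytes("Admin is already assigned"));
        target.setAdmin(address(this));
    }

    function test_RotationToNewAdminStillWorks() public {
        target.setAdmin(newAdmin);
        assertEq(target.adminAddress(), newAdmin);

        // The previous admin has lost the role.
        vm.expectRevert(bytes("Only admin can set new admin"));
        target.setAdmin(address(this));
    }
}
```

Run with `forge test`; with the third require removed, test_RevertWhen_AdminReassignsSelf fails because the self-reassignment succeeds.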